Who Are We?

everydayhero in the UK is a service provided by Everyday Hero Limited, an entity established under the laws of England and Wales. You can contact everydayhero via help@everydayhero.co.uk or by writing to everydayhero, 2nd Floor, Blue Fin Building, 110 Southwark Street, London, SE1 0TA, United Kingdom. This Policy applies to our collection and use of your data in connection with our services, like the everydayhero website (the "Services").

How to Reach Our Data Protection Officer?

How Do We Notify You of Changes to this Policy?

We keep this Policy under regular review and place updates on the everydayhero website. We will also provide notifications of material changes via email or other channels. If you keep using the Services after we notify you, you consent to the updated Privacy Policy. If not, you may cancel your account.

What Are Your Rights?

everydayhero recognises that your personal data belongs to you and we don't wish to use it in ways that you don't want us to.

You can control whether or not you receive most types of email from everydayhero by visiting the "Manage Notifications" tab in your account.

You can also exercise a variety of rights regarding our use of your data:

You can ask us for a copy of the information we have about you

You can ask us to correct any incorrect data we have about you and you can also update your account details yourself at any time by visiting your everydayhero account

To exercise any of the foregoing rights, click here. Note that some of these rights may not be enforceable until 25 May 2018 and some aren't absolute—for example, we may not be able to forget you if we have to keep some of your data to comply with the law—but we'll evaluate your request in accordance with applicable data protection laws. everydayhero will respond to your request within one month of receiving it. Also, note that you have the right to lodge a complaint with the supervisory authority in your country of residence or place of work.

What's Our Relationship with Charities?

We know that it's complicated, but when you use the Services to make a donation or fundraise, some of your data is collected by us for the charity's use and some is for ours. This makes us a data controller for the data we need to create your everydayhero account, give you general customer support, send you helpful updates from everydayhero and monitor and improve our Services. Charities are data controllers for donation and fundraising data, even though those activities happen on our platform.

For more information, here's a handy infographic.

What Data Do We Collect?

As stated above, we collect data for our use to create your account, give you general customer support, send you helpful updates from everydayhero and monitor and improve our products. We discuss what data we collect for those purposes below.

Charities ultimately determine the data we collect related to your donations and fundraising and how they'll use that data. Even so, we thought it would be helpful to describe the data we're collecting on their behalf when you make a donation or fundraise, so that information is also below.

We don't receive any personal data about you other than what you provide us, either by creating an account, using the Services, from Facebook, Fitbit, Twitter, MapMyFitness and Strava (your "Connections") when you agree to share data between the Services and your Connections, or data we can infer from your use of the Services.

WHAT WE COLLECT FOR US:

When you create an everydayhero account: We will collect basic contact information about you to set up your account. This will include your name, address, email address and phone number. We will also ask you to select a password so you can gain secure access to your account in the future.

Alternatively, you may authorise us to collect your basic personal details from a secure online source (e.g. Facebook, Strava or MapMyFitness) to which you have already provided this information.

When you sign in to everydayhero using your Connections: If you choose to log in via one of the Connections, we will receive your profile information to allow you to login and populate our records about you. In addition, we obtain access to the following data:

When you connect your Facebook account, and only if you give us permission (via Facebook's preference settings), everydayhero may obtain access to your friend list but we only receive the names of your friends who are also everydayhero users. We will only use this to see if people on your friends list are also using our website.

When you connect your MapMyFitness account, everydayhero will receive your workouts, routes, courses, friendships and data friends have shared with you. We will use this information to allow you to share your workout information on your pages.

You can control whether or not your Connections share this data with us, either by changing your preferences in the "Manage Connections" tab in your account or, if available, by visiting the app setting controls on the Connections' websites.

When you use the Services: We also collect information about your use of our Services, including your IP address, mobile device identifier, how much time you spend on the site, and what you do or view. We do this through the use of cookies. To read more about our use of cookies, please refer to our separate cookies page.

WHAT WE COLLECT FOR CHARITIES:

When you make a donation: To enable us to process donations, we will collect basic payment information as well as your name, home address and email address.

When you create a fundraising page: We will use the details you provided when you set up your account to create your fundraising page. Where applicable, we will ask you to provide details of how and when you are intending to fundraise and/or the occasion you are recognising by carrying out the fundraising.

When you give us information about others: You may decide to provide us with information about others (or authorise us to collect this information on your behalf from your social networks) for example:

so we can help you tell your friends and family about charity fundraising you are carrying out; or

if you start fundraising for, or in the memory or in celebration of, another person

You must ensure that they have agreed to you providing us with their information. Where required by local laws, we would advise you to keep a record of their agreement and provide them with a copy of, or link to, this Policy. This is especially the case if you provide us with sensitive information about them (e.g. a reference to an illness or health condition).

You should also only contact individuals using the Services who you know would be happy to hear from you and must not use our Services to send unsolicited 'spam' messages.

What Happens If You Don't Want Us to Have Your Data?

You are not required to provide personal data to us. Note, however, that your failure to do so may affect our ability to provide the Services you request. For example, we are unable to process your donation to a fundraiser if you do not provide your payment information.

How Do We Use Your Data?

everydayhero uses your personal data to allow you to create an account, to give you customer support about general site usage, to send you communications and to enhance your ability to fundraise. We also use your data to help us make everydayhero better.

Help You Use the Website: We use your information to provide customer support about your use of the Services generally, like if you have problems accessing your account. Note that if we provide customer support with your donation or fundraiser, we do so on the charity's behalf.

Communications: We use your information to send you some different types of emails (on our own behalf and on behalf of charities) and you can stop receiving them as set forth below:

Types of Emails

On Whose Behalf Are They Sent?

How Can You Stop Getting Them?

Fundraising page notifications, team fundraising notifications, important updates from campaigns you're fundraising in

The charity you donate to or fundraise for

You can opt out by visiting the "Manage Notifications" tab in your account or click unsubscribe on any email

Helpful updates from everydayhero

everydayhero

You can opt out by visiting the "Manage Notifications" tab in your account or click unsubscribe on any email

Triggered by actions you take using the Services, like page creation and cancellation notification emails

The charity you donate to or fundraise for

You can't opt out of these, but you won't receive any unless you take an action on everydayhero. To stop receiving these emails, just don't take any actions on the platform.

Containing communications charities are required to provide you by law, like donation receipts and Gift Aid information

The charity you donate to or fundraise for

Charities have to send these emails as required by law, as long as you make a donation or claim Gift Aid. To stop receiving these emails, just don't make a donation or claim Gift Aid.

Containing communications we're required to provide you by law, like notices about data breaches

everydayhero

We have to send these emails as required by law, as long as you have an everydayhero account. To stop receiving these emails, please contact us to delete your account. We may still send them if a breach occurred you when you were a user.

Making everydayhero Better: We use aggregated and personal data about you and your use of our Services to develop and test better fundraising tools, to drive our research and development and to better understand our users and charity partners. everydayhero does this analysis using a variety of data sources—transactional data (how you use the Services), click stream and log data (web traffic and Services usage), email data (how you respond to emails we send you), survey data, customer service data and data you agree to share with us from your Connections. We may send you surveys about the Services, but you can opt out of these by visiting the "Manage Notifications" tab in your account and participation is completely voluntary.

On What Legal Bases Do We Process Your Data?

We process your personal data on a variety of legal bases depending on the use. Note that the charities who are data controllers with respect to your donation and fundraising data determine the legal basis for our processing of such data, so please contact them for more information.

Under applicable data protection law, everydayhero can process your personal data on one of six legal bases: with your explicit consent, or if it is necessary for the performance of a contract, to comply with a legal obligation, to protect a person's vital interests, for the performance of a task carried out in the public interest or in the exercise of controller's official authority or for legitimate interests of the controller.

everydayhero justifies the following processing activities on the bases listed below:

Consent:
Linking your everydayhero account with your Connections

Performance of a Contract (aka performing services you request). When you request that we perform certain functions for you, these activities require that we process your personal details, or else we can't perform the function you're requesting:

The functions you can request from us are to:

Sign up as a user

Sign up as a charity

Legitimate Interests:

Internal Reporting and Analysis to improve everydayhero

Sending you helpful updates from everydayhero, including surveys

Sending emails to charity and other organisational users

How Are We Using Your Data Based on Our Legitimate Interests?

We may process your personal data for the purposes of our legitimate interests, provided that these uses aren't outweighed by your rights or interests. For any uses we justify on the basis of legitimate interest, you have the right to opt out of such processing here.

Making everydayhero Better: As stated above, we use aggregated and personal data about you and your use of our Services to develop and test better fundraising tools, to drive our research and development and to better understand our users and charity partners. We also send you surveys about our Services, which are voluntary. These activities are necessary to fulfil our interest in creating better tools for enhancing the ecosystem of good by helping us create better technology, better communications and a better website.

Sending Emails: We use charity users' data to send organisations marketing communications about our Services and offerings from our affiliated organisations. We also use your data to send you helpful updates from everydayhero, like updates about new features and recommendations about other campaigns you might like. As for most companies, our ability to send such emails is necessary for our commercial interests and may allow us to expand our base of charity partners and users.

For each of the foregoing purposes, we have conducted a legitimate interest assessment to ensure that such processing isn't overridden by your rights or interests. We employ safeguards, such a formal data governance programme and robust security measures, to protect your privacy.

Are We Doing Any Automated Decision Making?

everydayhero does not conduct automated decision-making on its users.

With Whom Are We Sharing Your Data?

We may disclose your data to our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR). We also may disclose your information if required by law, requested by law enforcement authorities or to enforce our legal rights. We may share your information in connection with a sale or reorganisation of everydayhero.

organisations within the payment card industry - to help prevent online fraud;

IT, information security and cloud services providers – to help us provide the Services and keep your data safe;

communication providers – to assist us with the processing and delivery of email and other communications;

behavioral analytics tools – to collect and help us understand data when you use our Services, described in the "How Do We Use Your Data?" Section.

We also share your personal data with fundraisers and charities as follows:

Fundraisers: If you donate to a fundraising page, we pass on details about you that are already publicly available on the page. In other words, we let the page creator know your display name, your comment (if you've made one) and amount of your donation (if you've chosen not to make it anonymous).

Charities: We share with charities and not-for-profits details about donations made to them and fundraising pages created for their behalf, including your personal data, and they're actually the data controller of such information. For more information, please see the section "How Do Charity Partners Use My Data?" below.

Event Partners and Companies: We sometimes share data about fundraising pages with third parties that host or sponsor events so they can understand who is fundraising for their events and how well fundraising efforts are progressing or performed. The data we share with these event partners and companies includes fundraiser name, the name and creation date of your page, your fundraising target, how much you have raised and the number of donors to your page. If an event benefits multiple charities and you choose to fundraise for a particular charity, event partners and companies will also receive the name of the charity for which you're fundraising. This data is already publicly available on fundraising pages. Event partners and companies don't receive personal data about donors.

How Do Charity Partners Use My Data?

As stated above, when you donate to or fundraise for a charity, that charity is the data controller for the personal data related to that transaction and everydayhero only acts on behalf of the charity when it handles that data. This means that such charities are responsible for their own compliance with data protection laws when they use your personal data, and all such use is subject to the charity's own privacy notice. When charities receive your details, they are required to send you their privacy notice. everydayhero is not responsible for charities' use of your personal data or the charities' compliance with applicable laws.

When you donate to or create a fundraising page, everydayhero will ask whether or not you consent to receiving email from the charity about the impact of your donation and other ways to support them including future events, campaigns and appeals. We will pass your consent preference on to the charity.

If you want to change your preferences for a charity to use your data (to contact you or otherwise), please contact the charity directly.

Note that charities receive information about supporters from lots of different sources. We're not the system of record for our charity partners, so we can only collect and evidence your consent to receive email fundraising appeals from our charity partners as you elect on our platform. We cannot reflect any changes in your consent preferences that you make directly with the charity. For example, if you opt in to receive emails from a charity when you make a donation through everydayhero, but then you subsequently opt out by telling the charity, everydayhero won't have a record that you opted out of receiving email from that charity.

Where Are We Sending Your Data?

Some of our service providers and affiliated organisations may lie outside the EU. Therefore, sometimes we may transfer your data outside the EU. If we do, we ensure your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards, such as model contract clauses, binding corporate rules, or mechanisms like the EU-U.S. Privacy Shield framework. For a copy of such safeguards, please contact us.

How Do We Use Personal Data of Our Partner Users?

If you work for a charity or company that has a business relationship with everydayhero, we use your data in slightly different ways than for individual users of the Services.

We collect a charity user's name, position, work email address and office number. We use this data to enable you to sign into your organisation's account. In addition, we may use your data to perform business services you request. Finally, we will send you the following email communications: operational emails, customer service emails and business marketing emails. You can opt out of receiving emails from us by clicking "unsubscribe" on the bottom of our emails, but you cannot opt out of service emails related to your requests.

How Long Do We Keep Your Data?

We keep your personal data in an identifiable form for as long as we have a legitimate reason to use the data and as required by law. If you would like us to remove any information please contact us.